login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Friday, May 20, 2016

Using disk-based projects with OpenJDK

Since the introduction of Burp projects in Burp Suite 1.7 we've had some reports of native crashes in the OpenJDK JVM when using disk-based projects.

Disk-based projects use memory-mapped files, which have been a core part of the Java API spec for a very long time. Because memory-mapped files need to be implemented in native code, there is inherently more potential for compatibility issues, both with the core OS and with disk drivers.

It appears that a bug in OpenJDK may cause the JVM process to crash when using memory-mapped files. This appears to affect only certain platforms, notably Kali Linux.

The easiest way to resolve this issue is to use Oracle Java, which does not contain the bug.

We appreciate that in some instances using Oracle Java may not be practical. We have received reports that this bug has been patched in JDK 9, and it may be possible to backport this patch to Java 7 or 8.

3 comments:

Anton said...

A backported patch for JDK8 is here:
https://github.com/pentoo/pentoo-overlay/blob/master/dev-java/icedtea/files/openjdk8-JDK-8140630.patch

However, JDK7 looks different. So as a quick workaround you need to re-compile it without optimizations (configure --without-optimizations).

Andy said...

Thanks

gnu_andrew said...

This is a hack to work around the bug.

The correct fix is:

http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/13759d57abca
http://hg.openjdk.java.net/jdk9/hs-rt/hotspot/rev/75f6573e9c44

I suspect the reason Oracle haven't backported it is that they work with specific compilers for certain releases, so they see GCC >= 4.9 as being tied to OpenJDK 9 and beyond. I've just finally got GCC 6 fix upstream in 8, and there was no impetus from Oracle to do so there either; it all came from others. You won't see it with the proprietary "Oracle Java" for this reason; they use an older compiler for those binaries.


Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Copyright 2016 PortSwigger Ltd. All rights reserved.